Online Banking

Fraud Alerts

Stay abreast of the latest fraud alerts to learn how to help you avoid being a victim.

Dangerous Netflix Scam is Back

The bad guys are back to their old tricks with Netflix again. They are sending out email messages asking users to update their billing information but don’t click that link! If you do, the bad guys could steal your login details, your credit card data, your picture, your ID, and even more if they gain access to your computer or network.

Here are some tips on how to stay safe:

Never click on a login link or an account verification link in an email.

Check for the green HTTPS padlock in your browser's address bar. If there isn’t one, it means the site is not secure.

If there is a green HTTPS padlock in your browser's address bar, check the web address of the site. If it’s not exactly what you expect, don't click!

Don’t ignore telltale signs that it's a scam such as spelling and grammar errors.

Guard your ID closely. Never give away a picture of yourself or your ID when it isn’t absolutely necessary.

The bad guys are getting creative with a new hybrid attack that involves CEO Fraud and gift card scams.

There is a massive campaign underway where they impersonate an executive and urgently ask for gift cards to be bought for customers. Once the gift cards are physically bought from a store, the “boss” asks you to send them the redeem code/number via email or text.

Never comply with a request like this - it’s a scam! Always confirm a request with your boss over a live phone call or in person to make sure it’s not a scam. Sometimes it's OK to say "no" to the boss!

The bad guys know you like free stuff, but this time it’s going to cost you! They lure you to a fake website for a “free” gift card in exchange for seemingly harmless information. Once on the site, you are asked a series of questions. If you make it through all of the questions, you’ll earn a unique code to redeem a gift card - this code and gift card are worthless!

The bad guys are tricking you into offering up your personal information. Don’t be the victim!

Never share your sensitive data and always check if an offer is legitimate by contacting the company making the offer. Remember, there’s no such thing as a free lunch.

There is a new scam where hackers send you a text that asks you about a password reset on your account. If you did not request a password reset, they tell you to respond with STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don't fall for it. Below is an example of how the scam works:

Remember, Gmail will never ask for confirmation to NOT make changes to your account. You didn’t ask for a password reset, so you shouldn’t be asked about one. Do not reply to the text (doing so will tell the scammers that they have reached a valid number). To prevent losing your account to bad guys, it's a very good idea to have 2-step verification set up on your Google account. For more information about Google 2-step verification, copy and paste the link below in to your browser: https://www.google.com/landing/2step/

The bad guys love to spoof companies that we’re all familiar with. If you’re an Apple customer, you know they send emails on a regular basis, and this might make you inherently less suspicious of anything appearing to come from Apple.

Lately there’s been an increase in “Apple” scams. One of these phishing scams appears as a fake email invoice for your “recent Apple purchase”. Another scam is a “Reminder” email notifying you of an account login from an iPad in Monaco. The third, and possibly most attention-grabbing scam, is a smishing attempt informing you (via text message) that your Apple ID is expiring today. Any Apple user knows how vital an Apple ID is, and these hackers are purely relying on shock factor to hook their victims.

Always Remember: If you get a suspicious email or text from an account or online service that you use, log into your account through your browser (not through links in the email) to check the validity of the information presented in the suspicious email.

There is a new Direct Deposit phishing attack you need to watch out for. It's a sophisticated scam that starts with an official-looking email that asks you to click a link and access a website. Next, they ask you to confirm the data with your real username and password. Last, they use your info to access payroll portals, and reroute your direct deposit amounts to bank accounts owned by the bad guys. The lesson here is to never give anyone your credentials in response to an email.

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.

Here are some other steps to take to help protect yourself after a data breach:

Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.

Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.

If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.

File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

You may have already heard in the news about another widespread ransomware attack taking down large companies, hospitals, and transportation systems around Europe and the U.S. Labeled "NotPetya" by security authority Kaspersky Lab, it uses the same Windows vulnerability that the "Wannacry" ransomware did just a few weeks ago.

How does NotPetya work?
NotPetya doesn't just encrypt files, it also overwrites the Master Boot Record. This renders the machine unusable and prevents users from recovering any information on it. Unlike WannaCry, Petya does not include any type of "kill switch"

If you have been infected

Do not pay. You will not only be a financial criminal, but you are also unlikely to regain access to your files. The email account used to manage ransom demands, in this case, has been blocked. So the attackers' only known channel for communication at the moment, has been rendered useless.

Make sure that you keep a copy of the phishing email received from the attackers and provide it with the police, as it helps with their investigation.

Disconnect infected devices from the internet. If the infected device is part of a network, isolate it as soon as possible, to prevent the spread of the virus to other nodes in the network.

You can then format the hard drive, reinstall the operating system and apps, run any available updates and, finally, restore the locked files from your backup device

If you have not been infected

Keep all applications and the Operating System up to date. If you are offered the option of automatic updates by your device, take it.

Keep your data backed up, and create two copies - one in the cloud, and one is physical storage. It is easy to retrieve those files even if you are affected by Ransomware. Use robust security products to protect your system from all threats, including ransomware.

Do not use high privileges accounts (accounts with administrator rights) for daily business.

Even if trusted parties like banks send you suspicious or unexpected emails, do not click on the attachments or the links.

The ransomware attack, known as "Wannacry," has affected over 200,000 individuals and organizations worldwide, with a vast majority in Europe and Asia. As of the writing of this communication, there have been no infections detected or reported at any of Safety Net's client sites. We proactively ran full scans on various systems to be certain.

The cyber-attack that began on Friday, May 12, took advantage of a vulnerability in the Windows Operating System (OS). Safety Net had already pushed out a Microsoft patch that addressed the vulnerability during regular maintenance windows. Symantec created and pushed out a fix for the worm, as well.

This outbreak is a good example of why diligent maintenance of multi-layered protection (antivirus, patches, spam filtering, firewalls, and user education) is so important.

Google Docs users were recently hit with a phishing scam. During the attack, users were sent a deceptive invitation to edit a Google Doc, with a subject line stating a contact "has shared a document on Google Docs with you".

The email address hhhhhhhhhhhhhhhh|@|mailinator[.]com was also copied in to the message; Mailinator, a free email service provider has denied any involvement.

If users clicked on the "Open in Docs" button in the email, they were then taken to a real Google-hosted page and asked to allow a seemingly real service, called "Google Docs", to access their email account data.

By granting permission, users unwittingly allowed hackers to potentially access to their email account, contacts and online documents. The malware then e-mailed everyone in the victim's contacts list in order to spread itself.

Google Play and the Google Play logo are trademarks of Google Inc. Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc., registered in the U.S. and other countries.

Important Notice

You're leaving this website

When you click continue you will connect to another website which we do not own or operate.